Skip to content

Fix/sud/trivy img scan #767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
SudarshanaPanda wants to merge 3 commits into from
Closed

Fix/sud/trivy img scan #767

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c4e8e6a
Trivy_scans: updated the images and tag version
SudarshanaPanda Oct 8, 2025
4baa663
trivy: minor fix
SudarshanaPanda Oct 8, 2025
287b8d4
Sample_app_scans: Addressed PR review comment
SudarshanaPanda Oct 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 15 additions & 13 deletions .github/workflows/industrial-edge-insights-time-series-scans.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,24 +183,26 @@ jobs:
echo "Building Wind Turbine Sample App and scanning Image"
Copy link
Copy Markdown
Contributor

@vkb1 vkb1 Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's rename this as "Building Time Series sample apps and scanning images..."

cd manufacturing-ai-suite/industrial-edge-insights-time-series/
make down
sed -i -e "s|OPC_UA_SERVER_IMAGE=.*|OPC_UA_SERVER_IMAGE=ia-opcua-server:latest|g" .env
sed -i -e "s|MQTT_PUBLISHER_IMAGE=.*|MQTT_PUBLISHER_IMAGE=ia-mqtt-publisher:latest|g" .env
sed -i -e "s|OPC_UA_SERVER_IMAGE=.*|OPC_UA_SERVER_IMAGE=ia-opcua-server:1.0.0-weekly|g" .env
sed -i -e "s|MQTT_PUBLISHER_IMAGE=.*|MQTT_PUBLISHER_IMAGE=ia-mqtt-publisher:1.1.0-weekly|g" .env
Comment on lines +186 to +187
Copy link
Copy Markdown
Contributor

@vkb1 vkb1 Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These lines are reduntant, can be removed.

make build
source .env
IMAGE_TO_SCAN1=${MQTT_PUBLISHER_IMAGE}${IMAGE_SUFFIX:+-${IMAGE_SUFFIX}}
IMAGE_TO_SCAN2=${OPC_UA_SERVER_IMAGE}${IMAGE_SUFFIX:+-${IMAGE_SUFFIX}}
Comment on lines +190 to +191
Copy link
Copy Markdown
Contributor

@vkb1 vkb1 Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can have a loop to execute the below steps for above 2 entries, the above 2 entries can be kept simple as below:
OPCUA_IMAGE=${OPC_UA_SERVER_IMAGE}-${IMAGE_SUFFIX}
MQTT_PUB_IMAGE=${OPC_UA_SERVER_IMAGE}-${IMAGE_SUFFIX}

trivy image "${IMAGE_TO_SCAN2}" --ignore-unfixed --format template --template "@trivy-html.tpl" -o trivy-image-scan-opcua-server-ignore-unfixed.html
trivy image "${IMAGE_TO_SCAN2}" --ignore-unfixed --format template --template "@csv.tpl" -o trivy-image-scan-opcua-server-ignore-unfixed.csv
trivy image --quiet --format spdx-json --output trivy-image-scan-opcua-server.spdx.json "${IMAGE_TO_SCAN2}"

trivy image ia-opcua-server:latest --ignore-unfixed --format template --template "@trivy-html.tpl" -o trivy-image-scan-opcua-server-ignore-unfixed.html
trivy image ia-opcua-server:latest --ignore-unfixed --format template --template "@csv.tpl" -o trivy-image-scan-opcua-server-ignore-unfixed.csv
trivy image --quiet --format spdx-json --output trivy-image-scan-opcua-server.spdx.json ia-opcua-server:latest
trivy image --list-all-pkgs --format template --template "@csv.tpl" --output trivy-image-scan_opcua-server-list-all-pkgs.csv "${IMAGE_TO_SCAN2}"
trivy image --ignore-unfixed "${IMAGE_TO_SCAN2}" | tee trivy-image-scan-opcua-server-ignore-unfixed.txt

trivy image --list-all-pkgs --format template --template "@csv.tpl" --output trivy-image-scan_opcua-server-list-all-pkgs.csv ia-opcua-server:latest
trivy image --ignore-unfixed ia-opcua-server:latest | tee trivy-image-scan-opcua-server-ignore-unfixed.txt

trivy image "${IMAGE_TO_SCAN1}" --ignore-unfixed --format template --template "@trivy-html.tpl" -o trivy-image-scan-mqtt-publisher-ignore-unfixed.html
trivy image "${IMAGE_TO_SCAN1}" --ignore-unfixed --format template --template "@csv.tpl" -o trivy-image-scan-mqtt-publisher-ignore-unfixed.csv
trivy image --quiet --format spdx-json --output trivy-image-scan-mqtt-publisher.spdx.json "${IMAGE_TO_SCAN1}"

trivy image ia-mqtt-publisher:latest --ignore-unfixed --format template --template "@trivy-html.tpl" -o trivy-image-scan-mqtt-publisher-ignore-unfixed.html
trivy image ia-mqtt-publisher:latest --ignore-unfixed --format template --template "@csv.tpl" -o trivy-image-scan-mqtt-publisher-ignore-unfixed.csv
trivy image --quiet --format spdx-json --output trivy-image-scan-mqtt-publisher.spdx.json ia-mqtt-publisher:latest

trivy image --list-all-pkgs --format template --template "@csv.tpl" --output trivy-image-scan-mqtt-publisher-list-all-pkgs.csv ia-mqtt-publisher:latest
trivy image --ignore-unfixed ia-mqtt-publisher:latest | tee trivy-image-scan-mqtt-publisher-ignore-unfixed.txt
trivy image --list-all-pkgs --format template --template "@csv.tpl" --output trivy-image-scan-mqtt-publisher-list-all-pkgs.csv "${IMAGE_TO_SCAN1}"
trivy image --ignore-unfixed "${IMAGE_TO_SCAN1}" | tee trivy-image-scan-mqtt-publisher-ignore-unfixed.txt

echo "completed Wind Turbine Sample App Image scanning"

Expand Down